exploit

Facebook confirms researcher exploited privacy settings to quickly collect user phone numbers

thenextweb.com
On Friday, a researcher by the name of Suriya Prakash claimed that the majority of phone numbers on Facebook are not safe. It’s not clear where he got his numbers from (he says 98 percent, while another time he says 500 million out of Facebook’s 600 million mobile users), but...

Apple pushes out Java update to patch security hole

appleinsider.com
Just hours after Apple announced that it too was victim to a wide-ranging malware attack, the company released a new version of Java for OS X to plug the exploit's hole....

Google slates Pwnium 3 contest for March 7, offers up to $3.14159m for vulnerabilities in Chrome OS

thenextweb.com
Google on Monday announced it is hosting its third Pwnium competition, aptly named Pwnium 3, on March 7. The security contest’s main focus will be Chrome OS, for which the company will be offering up to a total of $3.14159 million in rewards for security researchers (Google loves using geeky...

Compromised phpMyAdmin download reinforces importance of verifying checksums

www.extremetech.com
The latest stable version of phpMyAdmin — the popular, GUI-based MySQL database software — was released late last month, but thanks to a compromised download mirror, users running the newest version may still be vulnerable to hackers. At some point after September 22, an unknown attacker managed to insert a...

Apple Steps Up Effort to Stop a Free In-App Purchases Hack, Report

www.pcworld.com
Apple is reportedly cracking down on a hack that lets iOS users trick the App Store into giving them in-app purchases for free with an attempt to more easily identify users and devices involved with the exploit....

Ubisoft DRM Fiasco: Allows Any Website To Take Control Of Your Computer

www.techdirt.com
It's been nearly seven years since the great Sony rootkit fiasco, when it was discovered that Sony Music was using some DRM on its CDs that self-installed a rootkit (without letting users know) that had all sorts of security problems and vulnerabilities. The company took a massive hit for this,...

Jelly Bean 4.1.2 update hits Galaxy Note 10.1

www.electronista.com
Owners of Samsung's Galaxy Note 10.1 should have begun receiving an update to Android version 4.1.2 Jelly Bean. The update is being rolled out as an over-the-air download, and it enables a number of user interface and functionality changes. The update also fixes an exploit that renders Exynos 4-based processors...

US-CERT tells users to disable Java in browsers after exploit

www.computerworld.com
Internet users should consider disabling Java in their browsers because of an exploit that can allow remote attackers to execute code on a vulnerable system, the U.S. Computer Emergency Readiness Team (US-CERT) recommended late Thursday....

Somebody's watching: how a simple exploit lets strangers tap into private security cameras

www.theverge.com
Last week, a blog called Console Cowboys exposed a security vulnerability in some models of Trendnet home security cameras. Following the instructions on the site, thousands of streaming personal IP cameras can be accessed. Links to the compromised feeds spread quickly on message boards like Reddit and 4chan, where...

Skype And Dropbox Fix Redirect Security Hole That Could've Hacked Your Facebook

techcrunch.com
Nir Goldschlager just saved your identity. One of the world’s top white hat security researchers, Goldschlager this week helped Skype and Dropbox fix a critical security flaw that could have let hackers take control of their users’ Facebook accounts. Tomorrow Goldschlager will detail how he found the exploit, but he gave...

Five new flaws found in the latest version of Java

www.csoonline.com
A week after disclosing two Java vulnerabilities, a Polish security firm reported finding five more in the latest version of Java. When used together, the new holes could bypass the technology's sandbox in order to install malware. Security Explorations notified Oracle Monday of the vulnerabilities in Java SE 7...

Cybercriminals are increasingly abusing .eu domains in attacks

www.pcworld.com
Cybercriminals are increasingly using .eu domain names in their attack campaigns, according to data from multiple security companies. "Numerous malicious .eu domains have been registered during November which are being used to infect PCs with malware via the Blackhole exploit kit," said Fraser Howard, principal virus researcher at security...
Samsung Galaxy S III security fix reportedly rolling out to UK users

PS Vita homebrew loader arrives today, but only if you have this hard-to-get game (video)

www.engadget.com
...And here's the catch: the game you need is Motorstorm Arctic Edge (or 'Raging Ice' in Japan), and it appears to have already been pulled from the PS Store. Besides, it was never compatible with US-registered Vitas in the first place. Nevertheless, if you happen to have bought this...
And now spammers have discovered Pinterest too
Pinterest comes under spam attack

Adobe issues 'emergency' Flash update to stop new malware

www.electronista.com
Adobe has issued a patch to update Flash on both the Mac and Windows platform in order to fix two new vulnerabilities already being exploited "in the wild" to spread malware. One of the targeted attacks using the exploit works equally well against Mac users as it does against Windows...

There's A Nasty Bug That Can Reset Your Galaxy S III If You're Not Careful (GOOG)

www.businessinsider.com
There are several reports going around this morning about a malicious line of web code for Samsung's Galaxy S III that causes the phone to reset to factory settings if you visit the page. The exploit was discovered by security researchers and demoed in this YouTube video that's being passed...

New attack bypasses virtually all AV protection

www.theregister.co.uk
Bait, switch, exploit! Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender...

HTML5 flaw lets browsers fill hard drives with junk data

www.electronista.com
On the heels of more problems with browser plug-ins such as Java and Flash, a newly-discovered flaw in HTML5 -- used throughout the web and a fundamental part of all modern browsers -- can be used maliciously to fill hard drives to capacity with junk data. The exploit can be...
$5,000 will buy you access to another, new critical Java vulnerability

Some U.S. Government Websites Vulnerable to Spammy Redirects

betabeat.com
Not government sanctioned. Many Americans may instinctively believe there’s little risk in visiting any site that ends with .gov. It’s the government, their sites are secure, right? Apparently not. Sophos’s NakedSecurity blog reports that spammers have discovered many U.S. sites are vulnerable to a simple exploit that sends the unwary to...
Google Wallet prepaid service re-enabled after security fix

Adobe releases emergency patch for Windows and OS X systems

www.pcworld.com
Adobe recently released an emergency update for Flash Player on all platforms after two zero-day bugs were discovered in the wild targeting Windows and Mac OS X computers. The vulnerabilities allowed hackers to hijack both Windows PCs and Macs. Adobe recommends all users to update their systems as soon...

Attention all Windows users: patch your systems now

arstechnica.com
Online attackers are actively exploiting a vulnerability in Internet Explorer that allows them to execute malicious code on computers that visit booby-trapped websites, researchers said in an advisory that underscores the importance of installing a Microsoft patch as soon as possible. The exploit of a critical IE bug, reported by...

Prominent iOS hacker Comex no longer working at Apple after communications breakdown

9to5mac.com
Famed iOS hacker Comex tweeted today that his internship at Apple has ceased. “So… no point in delaying,” he said to 195,000 followers. “As of last week, after about a year, I’m no longer associated with Apple.” Comex, real name Nicholas Allegra, explained to Forbes that his employment at Apple was...

Why The iOS 6.1 Exploit Is No Reason To Worry

readwrite.com
Want to break into someone's new iPhone? It's easy! First you click the emergency call button, hold down the power button, click cancel, tap the numbers 112, begin the call, and then quickly end the call. Got it? Part two: return to the passcode screen and start holding the power...
Hacker gives up on stealing iOS in-app purchases, focuses on Mac
First iOS 6.1.1 beta does not break recently released evasi0n jailbreak

Black Hat: Shark-bitten security researcher takes another chomp out of Oracle database

www.computerworld.com
A researcher scored again against Oracle's database by demonstrating at the Black Hat security conference Thursday an exploit that would allow him to take control as an administrator....

New iOS hack yields in-app freebies

news.cnet.com
A new exploit gives users free access to digital content within iOS apps, content that normally costs money. [Read more]...